Re: SSL auth problem

Vitaliyi wrote:
> %openssl x509 -noout -dates -issuer -subject -in postgresql.crt
>
> notBefore=May 16 13:55:49 2008 GMT
> notAfter=Jun 15 13:55:49 2008 GMT
> issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support(at)0x2a-dc(dot)com
> subject= /C=UK/ST=Some-State/L=Kiev/O=Internet Widgits Pty
> Ltd/CN=localhost/emailAddress=imgrey(at)gmail(dot)com
>
> %openssl x509 -noout -dates -issuer -subject -in root.crt
> notBefore=May 16 13:49:57 2008 GMT
> notAfter=Jun 15 13:49:57 2008 GMT
> issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support(at)0x2a-dc(dot)com
> subject= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support(at)0x2a-dc(dot)com
>
>
> btw, the same:
>
> psql: SSL error: sslv3 alert bad certificate
>
>
> postgres[29563]: [3-1] LOG: could not accept SSL connection: no
> certificate returned

Could you also check the key files with

openssl rsa -in postgresql.key

and

openssl rsa -in server.key

and server.crt as you did above?

If they are all ok, I don't know what could be causing the error.

All that is obvious from the error message is that the client side
complains that a certificate is not ok (don't know if client, server or CA
certificate).

One last straw: is it between May 16 and June 15 on both machines involved?

Yours,
Laurenz Albe